CVE-2017-7898

{"id": "CVE-2017-7898", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-06-30T03:29:00.703", "references": [{"url": "http://www.securitytracker.com/id/1038546", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-04", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-307"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-307"}]}], "descriptions": [{"lang": "en", "value": "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords."}, {"lang": "es", "value": "Se detect\u00f3 un problema de Restricci\u00f3n Inapropiada de Intentos de Autenticaci\u00f3n Excesivos en los controladores l\u00f3gicos programables MicroLogix 1100 1763-L16AWA, Series A y B, versi\u00f3n 16.00 y anteriores ; 1763-L16BBB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1763-L16BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1763-L16DWD, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation y controladores l\u00f3gicos programables MicroLogix 1400 1766-L32AWA, Series A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BWAA, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXB, Serie A y B, versi\u00f3n 16.00 y anteriores; 1766-L32BXBA, Serie A y B, versi\u00f3n 16.00 y anteriores; y 1766-L32AWAA, Series A y B, versi\u00f3n 16.00 y anteriores de Allen-Bradley en Rockwell Automation . No se presentan penalizaciones por introducir repetidamente contrase\u00f1as inapropiadas."}], "lastModified": "2019-10-03T00:03:26.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44D0CCE-EDA7-4DF2-B67B-C59DFAE7F888", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16awa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58E4AB51-E136-4AA3-AFF9-50F240489856", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6006CE1E-08EC-4AFC-8F35-73B24AA7F08D", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bbb_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F52398D3-996E-4291-887F-6B8E0AF24AFF", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61603F24-7505-4A9E-BA9E-57C7B5A60A6E", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16bwa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9558148B-3000-4D83-9AB0-380D7FBB0C9A", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C805AFD6-481C-4A32-9CE8-281F9B793263", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1763-l16dwd_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC9E1F42-4F17-4EA4-8D0F-30220F560A0E", "versionEndIncluding": "16.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1100:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FA98842B-9D09-4C37-AB34-4E9FA566BAD8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C8E3AF6-1017-4A18-99CA-854F1022ED66", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A093AA8B-7DB9-4373-AE8F-F8B879A4BE5E", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25DA9309-964B-4C1C-8B95-9C1CD80DDC74", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32awaa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D51D3F6-ABB3-4FFD-81D5-B3D3C29F0A46", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC05C3A1-1042-46AD-83D8-765AF4C9BCD9", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6218A006-1F60-4E29-85CC-7D1BCBD7C734", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B863572-CECF-47DF-AF6F-C25F88200DBE", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bwaa_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59BEBB0E-8C6E-4663-9E0C-E755C2EF0041", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1303D987-4A44-4F33-992E-0C7E683EC7A9", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxb_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E7D8E09-D97D-45FF-9AD0-A9B0A846E600", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_a:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D9C64FB-A613-4940-86E6-95431B907159", "versionEndIncluding": "16.000"}, {"criteria": "cpe:2.3:a:rockwellautomation:1766-l32bxba_series_b:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5C50D4A-EB32-4BE4-B9E6-D25494E2EF55", "versionEndIncluding": "16.000"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rockwellautomation:ab_micrologix_controller:1400:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FFF2EF59-F451-490D-A7AF-E66D11493948"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}